Merge "Add minimum TLS version for Wi-Fi EAP network"
committed by
Android (Google) Code Review
commit
cbe52e6b1c
@@ -187,6 +187,24 @@
|
|||||||
android:prompt="@string/wifi_eap_ca_cert"/>
|
android:prompt="@string/wifi_eap_ca_cert"/>
|
||||||
</LinearLayout>
|
</LinearLayout>
|
||||||
|
|
||||||
|
<LinearLayout android:id="@+id/l_min_tls_ver"
|
||||||
|
android:layout_width="match_parent"
|
||||||
|
android:layout_height="wrap_content"
|
||||||
|
android:visibility="gone"
|
||||||
|
style="@style/wifi_item">
|
||||||
|
<TextView
|
||||||
|
android:layout_width="wrap_content"
|
||||||
|
android:layout_height="wrap_content"
|
||||||
|
style="@style/wifi_item_label"
|
||||||
|
android:text="@string/wifi_eap_min_tls_ver"/>
|
||||||
|
|
||||||
|
<Spinner android:id="@+id/min_tls_ver"
|
||||||
|
android:layout_width="match_parent"
|
||||||
|
android:layout_height="wrap_content"
|
||||||
|
style="@style/wifi_item_spinner"
|
||||||
|
android:prompt="@string/wifi_eap_min_tls_ver"/>
|
||||||
|
</LinearLayout>
|
||||||
|
|
||||||
<LinearLayout android:id="@+id/l_ocsp"
|
<LinearLayout android:id="@+id/l_ocsp"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
android:layout_height="wrap_content"
|
android:layout_height="wrap_content"
|
||||||
|
@@ -211,6 +211,15 @@
|
|||||||
<item>Require certificate status</item>
|
<item>Require certificate status</item>
|
||||||
</string-array>
|
</string-array>
|
||||||
|
|
||||||
|
<!-- Match this with the integer value of WifiEnterpriseConfig.TlsVersion -->
|
||||||
|
<!-- Type of TlsVersion -->
|
||||||
|
<string-array name="wifi_eap_tls_ver" translatable="false">
|
||||||
|
<item>TLS v1.0</item>
|
||||||
|
<item>TLS v1.1</item>
|
||||||
|
<item>TLS v1.2</item>
|
||||||
|
<item>TLS v1.3</item>
|
||||||
|
</string-array>
|
||||||
|
|
||||||
<!-- Wi-Fi AP band settings. Either 2.4GHz or 5GHz prefer. -->
|
<!-- Wi-Fi AP band settings. Either 2.4GHz or 5GHz prefer. -->
|
||||||
<!-- Note that adding/removing/moving the items will need wifi settings code change. -->
|
<!-- Note that adding/removing/moving the items will need wifi settings code change. -->
|
||||||
<string-array translatable="false" name="wifi_ap_band">
|
<string-array translatable="false" name="wifi_ap_band">
|
||||||
|
@@ -1545,6 +1545,8 @@
|
|||||||
<string name="please_select_phase2">Phase 2 authentication</string>
|
<string name="please_select_phase2">Phase 2 authentication</string>
|
||||||
<!-- Label for the EAP CA certificate of the network -->
|
<!-- Label for the EAP CA certificate of the network -->
|
||||||
<string name="wifi_eap_ca_cert">CA certificate</string>
|
<string name="wifi_eap_ca_cert">CA certificate</string>
|
||||||
|
<!-- Label for the EAP minimum TLS version of the network -->
|
||||||
|
<string name="wifi_eap_min_tls_ver">Minimum TLS version</string>
|
||||||
<!-- Label for the OCSP type of the network. [CHAR LIMIT=32] -->
|
<!-- Label for the OCSP type of the network. [CHAR LIMIT=32] -->
|
||||||
<string name="wifi_eap_ocsp">Online Certificate Status</string>
|
<string name="wifi_eap_ocsp">Online Certificate Status</string>
|
||||||
<!-- Label for the domain name that the EAP CA certificate(s) can be used to validate. -->
|
<!-- Label for the domain name that the EAP CA certificate(s) can be used to validate. -->
|
||||||
|
@@ -179,6 +179,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
private int mLastShownEapMethod;
|
private int mLastShownEapMethod;
|
||||||
@VisibleForTesting Spinner mEapSimSpinner; // For EAP-SIM, EAP-AKA and EAP-AKA-PRIME.
|
@VisibleForTesting Spinner mEapSimSpinner; // For EAP-SIM, EAP-AKA and EAP-AKA-PRIME.
|
||||||
@VisibleForTesting Spinner mEapCaCertSpinner;
|
@VisibleForTesting Spinner mEapCaCertSpinner;
|
||||||
|
private Spinner mEapMinTlsVerSpinner;
|
||||||
private Spinner mEapOcspSpinner;
|
private Spinner mEapOcspSpinner;
|
||||||
private TextView mEapDomainView;
|
private TextView mEapDomainView;
|
||||||
private Spinner mPhase2Spinner;
|
private Spinner mPhase2Spinner;
|
||||||
@@ -744,11 +745,14 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
+ ") should not both be non-null");
|
+ ") should not both be non-null");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only set OCSP option if there is a valid CA certificate.
|
// Only set certificate option if there is a valid CA certificate.
|
||||||
if (caCert.equals(mUnspecifiedCertString)) {
|
if (caCert.equals(mUnspecifiedCertString)) {
|
||||||
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
|
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
|
||||||
|
config.enterpriseConfig.setMinimumTlsVersion(WifiEnterpriseConfig.TLS_V1_0);
|
||||||
} else {
|
} else {
|
||||||
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
|
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
|
||||||
|
config.enterpriseConfig.setMinimumTlsVersion(
|
||||||
|
mEapMinTlsVerSpinner.getSelectedItemPosition());
|
||||||
}
|
}
|
||||||
|
|
||||||
String clientCert = (String) mEapUserCertSpinner.getSelectedItem();
|
String clientCert = (String) mEapUserCertSpinner.getSelectedItem();
|
||||||
@@ -1005,6 +1009,8 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
mPhase2Spinner.setOnItemSelectedListener(this);
|
mPhase2Spinner.setOnItemSelectedListener(this);
|
||||||
mEapCaCertSpinner = (Spinner) mView.findViewById(R.id.ca_cert);
|
mEapCaCertSpinner = (Spinner) mView.findViewById(R.id.ca_cert);
|
||||||
mEapCaCertSpinner.setOnItemSelectedListener(this);
|
mEapCaCertSpinner.setOnItemSelectedListener(this);
|
||||||
|
mEapMinTlsVerSpinner = getEapMinTlsVerSpinner(mWifiManager.isTlsV13Supported());
|
||||||
|
|
||||||
mEapOcspSpinner = (Spinner) mView.findViewById(R.id.ocsp);
|
mEapOcspSpinner = (Spinner) mView.findViewById(R.id.ocsp);
|
||||||
mEapDomainView = (TextView) mView.findViewById(R.id.domain);
|
mEapDomainView = (TextView) mView.findViewById(R.id.domain);
|
||||||
mEapDomainView.addTextChangedListener(this);
|
mEapDomainView.addTextChangedListener(this);
|
||||||
@@ -1148,6 +1154,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
|
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
mEapMinTlsVerSpinner.setSelection(enterpriseConfig.getMinimumTlsVersion());
|
||||||
mEapOcspSpinner.setSelection(enterpriseConfig.getOcsp());
|
mEapOcspSpinner.setSelection(enterpriseConfig.getOcsp());
|
||||||
mEapDomainView.setText(enterpriseConfig.getDomainSuffixMatch());
|
mEapDomainView.setText(enterpriseConfig.getDomainSuffixMatch());
|
||||||
String userCert = enterpriseConfig.getClientCertificateAlias();
|
String userCert = enterpriseConfig.getClientCertificateAlias();
|
||||||
@@ -1179,6 +1186,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
mEapMethodSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
mEapMethodSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||||
mPhase2Spinner.setAccessibilityDelegate(selectedEventBlocker);
|
mPhase2Spinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||||
mEapCaCertSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
mEapCaCertSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||||
|
mEapMinTlsVerSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||||
mEapOcspSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
mEapOcspSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||||
mEapUserCertSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
mEapUserCertSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||||
}
|
}
|
||||||
@@ -1214,6 +1222,9 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
// Defaults for most of the EAP methods and over-riden by
|
// Defaults for most of the EAP methods and over-riden by
|
||||||
// by certain EAP methods
|
// by certain EAP methods
|
||||||
mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
|
mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
|
||||||
|
if (mWifiManager.isTlsMinimumVersionSupported()) {
|
||||||
|
mView.findViewById(R.id.l_min_tls_ver).setVisibility(View.VISIBLE);
|
||||||
|
}
|
||||||
mView.findViewById(R.id.l_ocsp).setVisibility(View.VISIBLE);
|
mView.findViewById(R.id.l_ocsp).setVisibility(View.VISIBLE);
|
||||||
mView.findViewById(R.id.password_layout).setVisibility(View.VISIBLE);
|
mView.findViewById(R.id.password_layout).setVisibility(View.VISIBLE);
|
||||||
mView.findViewById(R.id.show_password_layout).setVisibility(View.VISIBLE);
|
mView.findViewById(R.id.show_password_layout).setVisibility(View.VISIBLE);
|
||||||
@@ -1224,6 +1235,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
case WIFI_EAP_METHOD_PWD:
|
case WIFI_EAP_METHOD_PWD:
|
||||||
setPhase2Invisible();
|
setPhase2Invisible();
|
||||||
setCaCertInvisible();
|
setCaCertInvisible();
|
||||||
|
setMinTlsVerInvisible();
|
||||||
setOcspInvisible();
|
setOcspInvisible();
|
||||||
setDomainInvisible();
|
setDomainInvisible();
|
||||||
setAnonymousIdentInvisible();
|
setAnonymousIdentInvisible();
|
||||||
@@ -1265,6 +1277,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
setPhase2Invisible();
|
setPhase2Invisible();
|
||||||
setAnonymousIdentInvisible();
|
setAnonymousIdentInvisible();
|
||||||
setCaCertInvisible();
|
setCaCertInvisible();
|
||||||
|
setMinTlsVerInvisible();
|
||||||
setOcspInvisible();
|
setOcspInvisible();
|
||||||
setDomainInvisible();
|
setDomainInvisible();
|
||||||
setUserCertInvisible();
|
setUserCertInvisible();
|
||||||
@@ -1278,6 +1291,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
if (eapCertSelection.equals(mUnspecifiedCertString)
|
if (eapCertSelection.equals(mUnspecifiedCertString)
|
||||||
|| (mIsTrustOnFirstUseSupported
|
|| (mIsTrustOnFirstUseSupported
|
||||||
&& eapCertSelection.equals(mTrustOnFirstUse))) {
|
&& eapCertSelection.equals(mTrustOnFirstUse))) {
|
||||||
|
setMinTlsVerInvisible();
|
||||||
// Domain suffix matching is not relevant if the user hasn't chosen a CA
|
// Domain suffix matching is not relevant if the user hasn't chosen a CA
|
||||||
// certificate yet, or chooses not to validate the EAP server.
|
// certificate yet, or chooses not to validate the EAP server.
|
||||||
setDomainInvisible();
|
setDomainInvisible();
|
||||||
@@ -1319,6 +1333,11 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
|
setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void setMinTlsVerInvisible() {
|
||||||
|
mView.findViewById(R.id.l_min_tls_ver).setVisibility(View.GONE);
|
||||||
|
mEapMinTlsVerSpinner.setSelection(WifiEnterpriseConfig.TLS_V1_0);
|
||||||
|
}
|
||||||
|
|
||||||
private void setOcspInvisible() {
|
private void setOcspInvisible() {
|
||||||
mView.findViewById(R.id.l_ocsp).setVisibility(View.GONE);
|
mView.findViewById(R.id.l_ocsp).setVisibility(View.GONE);
|
||||||
mEapOcspSpinner.setSelection(WifiEnterpriseConfig.OCSP_NONE);
|
mEapOcspSpinner.setSelection(WifiEnterpriseConfig.OCSP_NONE);
|
||||||
@@ -1920,4 +1939,18 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@VisibleForTesting
|
||||||
|
Spinner getEapMinTlsVerSpinner(boolean isTlsV13Supported) {
|
||||||
|
Spinner spinner = mView.findViewById(R.id.min_tls_ver);
|
||||||
|
String[] stringArray = mContext.getResources().getStringArray(R.array.wifi_eap_tls_ver);
|
||||||
|
if (!isTlsV13Supported) {
|
||||||
|
Log.w(TAG, "Wi-Fi Enterprise TLS v1.3 is not supported on this device");
|
||||||
|
List<String> list = new ArrayList<>(Arrays.asList(stringArray));
|
||||||
|
list.remove(WifiEnterpriseConfig.TLS_V1_3);
|
||||||
|
stringArray = list.toArray(new String[0]);
|
||||||
|
}
|
||||||
|
spinner.setAdapter(getSpinnerAdapter(stringArray));
|
||||||
|
return spinner;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
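Review bot: When `isTlsV13Supported` is false, getEapMinTlsVerSpinner drops the last adapter entry, but the hunk at @@ -1148 still calls `mEapMinTlsVerSpinner.setSelection(enterpriseConfig.getMinimumTlsVersion())` with no range check. Assuming the constants equal the array indices, as the resource comment states, a stored configuration carrying TLS_V1_3 would point past the adapter; whether such a configuration can reach this device is not visible here. A clamp keeps the two consistent: `mEapMinTlsVerSpinner.setSelection(Math.min(enterpriseConfig.getMinimumTlsVersion(), mEapMinTlsVerSpinner.getCount() - 1));`. The same assumption is behind `list.remove(WifiEnterpriseConfig.TLS_V1_3)`, which works only because the constant is a primitive int and so selects `remove(int index)`; a comment such as `// index == TlsVersion value, see R.array.wifi_eap_tls_ver` would make that explicit. The hunk at @@ -744 also writes `TLS_V1_0` whenever no CA certificate is chosen, which deserves a one-line comment on why the floor is dropped there.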
@@ -73,11 +73,16 @@ import org.robolectric.shadows.ShadowInputMethodManager;
|
|||||||
import org.robolectric.shadows.ShadowSubscriptionManager;
|
import org.robolectric.shadows.ShadowSubscriptionManager;
|
||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
import java.util.stream.IntStream;
|
||||||
|
|
||||||
@RunWith(RobolectricTestRunner.class)
|
@RunWith(RobolectricTestRunner.class)
|
||||||
@Config(shadows = ShadowConnectivityManager.class)
|
@Config(shadows = ShadowConnectivityManager.class)
|
||||||
public class WifiConfigController2Test {
|
public class WifiConfigController2Test {
|
||||||
|
|
||||||
|
static final String WIFI_EAP_TLS_V1_3 = "TLS v1.3";
|
||||||
|
|
||||||
@Mock
|
@Mock
|
||||||
private WifiConfigUiBase2 mConfigUiBase;
|
private WifiConfigUiBase2 mConfigUiBase;
|
||||||
@Mock
|
@Mock
|
||||||
@@ -938,6 +943,26 @@ public class WifiConfigController2Test {
|
|||||||
assertThat(mEapUserCertSpinner.getSelectedItem()).isEqualTo(SAVED_USER_CERT);
|
assertThat(mEapUserCertSpinner.getSelectedItem()).isEqualTo(SAVED_USER_CERT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getEapMinTlsVerSpinner_isTlsV13Supported_containsTlsV13() {
|
||||||
|
Spinner spinner = mController.getEapMinTlsVerSpinner(true /* isTlsV13Supported */);
|
||||||
|
|
||||||
|
List<Object> list = IntStream.range(0, spinner.getAdapter().getCount())
|
||||||
|
.mapToObj(spinner.getAdapter()::getItem)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
assertThat(list).contains(WIFI_EAP_TLS_V1_3);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getEapMinTlsVerSpinner_isNotTlsV13Supported_doesNotContainTlsV13() {
|
||||||
|
Spinner spinner = mController.getEapMinTlsVerSpinner(false /* isTlsV13Supported */);
|
||||||
|
|
||||||
|
List<Object> list = IntStream.range(0, spinner.getAdapter().getCount())
|
||||||
|
.mapToObj(spinner.getAdapter()::getItem)
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
assertThat(list).doesNotContain(WIFI_EAP_TLS_V1_3);
|
||||||
|
}
|
||||||
|
|
||||||
private void setUpModifyingSavedCertificateConfigController(String savedCaCertificate,
|
private void setUpModifyingSavedCertificateConfigController(String savedCaCertificate,
|
||||||
String savedUserCertificate) {
|
String savedUserCertificate) {
|
||||||
final WifiConfiguration mockWifiConfig = mock(WifiConfiguration.class);
|
final WifiConfiguration mockWifiConfig = mock(WifiConfiguration.class);
|
||||||
|
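Review bot: The two added tests only check which labels the spinner adapter contains; nothing here exercises the value that ends up in the saved configuration. A case that selects an entry on the spinner, builds the configuration through the controller and asserts `enterpriseConfig.getMinimumTlsVersion()` would cover the behaviour that matters for the connection. A second case for the unspecified-CA path, expecting `WifiEnterpriseConfig.TLS_V1_0`, would cover the fallback. `WIFI_EAP_TLS_V1_3 = "TLS v1.3"` also duplicates the resource text, so reading the label from `R.array.wifi_eap_tls_ver` would keep the test from drifting if the string changes.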